Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hi,I have been trying to recover from a find4u hijack, and have found many postings here to be very helpful, I have followed much of the advise I have found here.I have run the following: adaware6,Spybot,Hijackthis & spywareBlaster. By doing so I have deleted the bogus winlogon along with any lines hijackthis found pointing to find4u, and I finally got find4u to stop popping up. I still see some things in my log that I am not sure of like khooker.exe or AGRSMMSG.exe, here is both my latest hijackthis log and my recent spybot log, could you please tell me if anything still looks buggy, thanks in advance, Robert
Logfile of HijackThis v1.97.7
Scan saved at 11:19:18 PM, on 12/14/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\Program Files\sony\giga pocket\usbsircs.exe
C:\Program Files\Sony\giga pocket\ReserveModule.exe
C:\Program Files\SSC\NSCTOP.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\PROGRA~1\Sony\GIGAPO~1\Sgpcom.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\****** Silva\Desktop\AntiSpyware\new hijack\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://clinic.mcafee.com/clinic/vso/en-us/vso4/setexp.asp?register=yes&oemid=1794-656
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe
O4 - HKLM\..\Run: [VAIOSURVEY] C:\Program Files\Sony\VAIO Survey\SurveySA.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\giga pocket\ReserveModule.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Support (HKCU)
O9 - Extra button: Help (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,71/mcinsctl.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37966.4526041667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabSPYBOT LOG:
--- Report generated: 2003-12-15 01:42 ---
Alexa Related: What's related link (Replace file, fixed)
C:\WINDOWS\Web\related.htmAUpdate: Autorun settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SAUpdateAvenue A, Inc.: Tracking cookie or cookie of tracking site (File, fixed)
C:\Documents and Settings\Robert Silva\Cookies\robert silva@atdmt[1].txtBackWeb lite: File extension link (Registry key, fixed)
HKEY_CLASSES_ROOT\.bwpBackWeb lite: File extension link (Registry key, fixed)
HKEY_CLASSES_ROOT\bwpfileBackWeb lite: Global settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\BackWebBackWeb lite: Interface ( (IBackWebChannel4_2)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{025632A0-BCEC-11D1-8B35-00609761C47A}BackWeb lite: Interface ( (IBackWebDirectoryEntry)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{0C6E0440-0B50-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebGeneralSettings)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{12473FC3-61A7-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebSetup)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{12473FC7-61A7-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebInfoPakDownloadServices)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{2DE07D90-DC04-11D0-A875-0000B43699FC}BackWeb lite: Interface ( (IBackWebSetup4)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3667E7B0-4F28-11D1-8ADB-00609761C47A}BackWeb lite: Interface ( (IBackWebChannelTableNotifications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{2F523082-5A0B-11D0-9B9C-444553540000}BackWeb lite: Interface ( (IBackWebSetupNotifications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{2F099AF0-6329-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWeb2)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{23F43240-F78D-11D0-9A50-00AA004812C2}BackWeb lite: Interface ( (IBackWebStoryFieldCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{1D91D9E0-004B-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebDirectory)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{15030BC0-0B52-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebDisplaySettings)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{12473FC6-61A7-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebCommSettings)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{12473FC5-61A7-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebDialerSettings)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{12473FC4-61A7-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebExtension)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{0F4FE440-983F-11D0-9B9C-444553540000}BackWeb lite: Interface ( (IBackWebDownloadTimeConstraintCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{0D1F7C84-8123-11D0-B5CA-0000B43698D6}BackWeb lite: Interface ( (IBackWebDownloadTimeConstraint)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{0D1F7C83-8123-11D0-B5CA-0000B43698D6}BackWeb lite: Interface ( (IBackWebFileAccess)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3AF78A6E-6F14-11D1-A884-0000B43699FC}BackWeb lite: Interface ( (IBackWebInfoPakFile)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3AF78A74-6F14-11D1-A884-0000B43699FC}BackWeb lite: Interface ( (IBackWebDirectoryNotifications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{41CEBDC0-32C1-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebInfoPakNotifications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{4A3666F3-5F2D-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebChannelCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{53FCF35A-5323-11D0-A864-0000B43699FC}BackWeb lite: Interface ( (IBackWebStoryField)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{5B1E13A0-004B-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebFileAccessViaDir)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{608FE360-6FB2-11D1-A885-0000B43699FC}BackWeb lite: Interface ( (IBackWebAlertSettings)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{72B62B40-17D1-11D1-96A7-F8E906C10000}BackWeb lite: Interface ( (IBackWebPlayer)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{8028B940-4932-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebChannelDownloadServices)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{9132E380-DC21-11D0-A875-0000B43699FC}BackWeb lite: Interface ( (IBackWebChannel2)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{9647FB70-DC0F-11D0-A875-0000B43699FC}BackWeb lite: Interface ( (IBackWebAllStoryCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{9DB46423-FF61-11D0-9951-444553540000}BackWeb lite: Interface ( (IBackWebChannelVariableCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{A4BC67F0-6C90-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebCommunications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{BAD37BC0-2231-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebFilterSettings)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{C8CEEEE0-17D6-11D1-96A7-F8E906C10000}BackWeb lite: Interface ( (IBackWebGeneralSettings2)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{E01AD640-F87D-11D0-9A50-00AA004812C2}BackWeb lite: Interface ( (IBackWebInfoPak)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{EB1FFFC2-5688-11D0-A865-0000B43699FC}BackWeb lite: Interface ( (IBackWebChannelVariable)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{FEFCA7F0-6C8E-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebInfoPakCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{EB1FFFC1-5688-11D0-A865-0000B43699FC}BackWeb lite: Interface ( (IBackWebApplicationNotifications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{D0894D60-6C6C-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWebChannelCollection4)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{BCD0C200-69C1-11D1-8AF8-00609761C47A}BackWeb lite: Interface ( (IBackWebChannel4)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{AEE96320-2131-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebStory)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{9DB46424-FF61-11D0-9951-444553540000}BackWeb lite: Interface ( (IBackWebStoryCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{9DB46422-FF61-11D0-9951-444553540000}BackWeb lite: Interface ( (IBackWebItemDownloadServices)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{93BF8F00-DBE8-11D0-A875-0000B43699FC}BackWeb lite: Interface ( (IBackWebAllInfoPakCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{8131F530-649E-11D0-A866-0000B43699FC}BackWeb lite: Interface ( (IBackWeb4)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{740904E0-0BFB-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebInfoPak4_2)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{610141C2-7701-11D1-B042-004095903824}BackWeb lite: Interface ( (IBackWebDirectoryEntryCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{5DF6CE40-0B50-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebChannel)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{53FCF35B-5323-11D0-A864-0000B43699FC}BackWeb lite: Interface ( (IBackWeb)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{53FCF355-5323-11D0-A864-0000B43699FC}BackWeb lite: Interface ( (IBackWebStoryTableNotifications)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{44230BC0-3105-11D1-9951-444553540000}BackWeb lite: Interface ( (IBackWebOpenInfoPakFile)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3AF78A77-6F14-11D1-A884-0000B43699FC}BackWeb lite: Interface ( (IBackWebInfoPakFilesCollection)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3AF78A71-6F14-11D1-A884-0000B43699FC}BackWeb lite: Interface ( (IBackWebDisplaySettings4_2)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{001B3F20-D866-11D1-8B4C-00609761C47A}BackWeb lite: Main executable (File, fixed)
C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exeBackWeb lite: Netscape viewer (Registry value, fixed)
HKEY_USERS\S-1-5-21-4252379429-1418258077-1035699850-1005\Software\Netscape\Netscape Navigator\Viewers\application/x-iadBackWeb lite: Netscape viewer (Registry value, fixed)
HKEY_USERS\S-1-5-21-4252379429-1418258077-1035699850-1005\Software\Netscape\Netscape Navigator\Viewers\application/x-bwpreviewComet Cursors: Typelib ( (ComUtil 1.0 Type Library)) (Registry key, fixed)
HKEY_CLASSES_ROOT\Typelib\{FA6F74E5-0277-11D3-9B19-00104B279EC4}Download Accelerator Plus: Default ad server (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultServer=http://127.0.0.1Download Accelerator Plus ads: Ad category (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSSecondMediaDownload Accelerator Plus ads: Banner (Replace file, nothing done)
C:\PROGRA~1\DAP\dap.gifDownload Accelerator Plus ads: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}Download Accelerator Plus ads: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.CBAREventer.1Download Accelerator Plus ads: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBand.1Download Accelerator Plus ads: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.DAPIEBarBandDownload Accelerator Plus ads: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\DAPIEBar.CBAREventerDownload Accelerator Plus ads: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}Download Accelerator Plus ads: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{235D7A27-DE65-49F0-BFCF-D5C3BC3B2E67}Download Accelerator Plus ads: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{62999427-33FC-4baf-9C9C-BCE6BD127F08}Download Accelerator Plus ads: Default ad category (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADSDefaultCategory=DefaultDownload Accelerator Plus ads: IE extension (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}Download Accelerator Plus ads: Typelib (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{79516451-3E3E-453a-8968-37942F7979F3}Download Accelerator Plus ads: Typelib ( (DAPBHO 1.0 Type Library)) (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{095006D5-6DA6-4CDC-864E-7498015816BC}Download Accelerator Plus ads: Typelib (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{72920511-E300-44c1-8565-2FD66D7A7246}DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-4252379429-1418258077-1035699850-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004=W=3
--- Spybot-S&D version: 1.2 ---
2003-11-05 Includes\Cookies.sbi
2003-11-05 Includes\Dialer.sbi
2003-11-24 Includes\Hijackers.sbi
2003-11-11 Includes\Keyloggers.sbi
2003-11-20 Includes\Malware.sbi
2003-03-16 Includes\plugin-ignore.ini
2003-11-12 Includes\QA Tests.sbi
2003-11-05 Includes\Security.sbi
2003-11-24 Includes\Spybots.sbi
2003-11-21 Includes\Temporary.sbi
2003-11-05 Includes\Tracks.uti
2003-11-21 Includes\Trojans.sbi
Robert,
C:\WINDOWS\AGRSMMSG.exe
Soft modem driver.
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
SIS motherboard keyboard software.hth
shep
0 
I have recently removed the trojan.byteverify program but its effects are stillpersistant...I have updated,rescannned,adjusted EVERYTHING....no further virus detected yet...every reboot shows the same effects of the virus
0
I would fix this one:
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
YhiThis one is questionable.
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dllKontiki used to be considered spyware.
about Kontiki:
http://www.safer-networking.org/index.php?lang=en&page=knowledgebase/threats/spybots-kontikiThere may be others that need to be removed also, you might want to wait for a expert (Tom41).
0
thanks shep for the info on hooker. ALso..Thanks Suzi I was suspicious of Kontiki also, on a side note, spybot put checks by each entry pertaining to DAP [Download accelerater] But I have opted to hold off on removing them just yet, you can see them in my spybot log.
Hi nycjohn2,to answer your question,after seeing winlogon (the bogus one in startup, not the needed one in system32)in my hijacker log I then deleted it in safe mode, after that I was able to reset my home page without new hijack lines being generated in my C:\WINDOWS\system32\drivers\etc\hosts file (I had learned that after you view this file in notepad,there should only be one line in that file, wheras I had like 40 plus)no more line/no more pop ups, now I am trying to make sure that I kill the whole bug body, not just cut off it's head.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
